Palo Alto Exam Questions with Complete Solutions 2023

Palo Alto Exam Questions with Complete Solutions 2023 An Antivirus Security Profile specifies Actions and WildFire Actions. Wildfire Actions enable you to configure the firewall to perform which operation? A. Delete packet data when a virus is suspected. B. Download new antivirus signatures from WildFire. C. Block traffic when a WildFire virus signature is detected. D. Upload traffic to WildFire when a virus is suspected. -Answer- D. Upload traffic to WildFire when a virus is suspected. An Interface Management Profile can be attached to which two interface types? (Choose two.) A. Tap B. Layer 2 C. Loopback D. Layer 3 E. Virtual Wire -Answer- C. Loopback D. Layer 3 App-ID running on a firewall identifies applications using which three methods? (Choose three.) A. PAN-DB lookups B. WildFire lookups C. Application signatures D. Program heuristics E. Known protocol decoders -Answer- C. Application signatures D. Program heuristics E. Known protocol decoders Application block pages can be enabled for which applications? A. any B. web-based C. MGT port-based D. non-TCP/IP -Answer- B. web-based Because a firewall examines every packet in a session, a firewall can detect application ________? A. shifts B. errors C. groups D. filters -Answer- A. shifts Finding URLs matched to the not-resolved URL category in the URL Filtering log file might indicate that you should take which action? A.Reboot the firewall. B. Validate your Security policy rules. C. Validate connectivity to the PAN-DB cloud. D. Re-download the URL seed database. -Answer- C. Validate connectivity to the PANDB cloud. For which firewall feature should you create forward trust and forward untrust certificates? A. SSH decryption B. SSL forward proxy decryption C. SSL client-side certificate checking D. SSL Inbound Inspection decryption -Answer- B. SSL forward proxy decryption If a DNS sinkhole is configured, any sinkhole actions indicating a potentially infected host are recorded in which log type? A. Data Filtering B. WildFire Submissions C. Threat D. Traffic -Answer- C. Threat If there is an HA configuration mismatch between firewalls during peer negotiation, which state will the passive firewall enter? A. PASSIVE B. NON-FUNCTIONAL C. ACTIVE D. INITIAL -Answer- B. NON-FUNCTIONAL In a destination NAT configuration, which option accurately completes the following sentence? A Security policy rule should be written to match the _______. A. original pre-NAT source and destination addresses, and the pre-NAT destination zone B. original pre-NAT source and destination addresses, but the post-NAT destination zone C. post-NAT source and destination addresses, and the post-NAT destination zone D. post-NAT source and destination addresses, but the pre-NAT destination zone - Answer- B. original pre-NAT source and destination addresses, but the post-NAT destination zone In a Security Profile, which action does a firewall take when the profiles action is configured as Reset Server? (Choose two.) A. For UDP sessions, the connection is reset. B. For UDP sessions, the connection is dropped. C. The client is reset. D. The traffic responder is reset. -Answer- B. For UDP sessions, the connection is dropped. D. The traffic responder is reset. In an HA configuration, which three components are synchronized between the pair of firewalls? (Choose three.) A. policies B. networks C. objects D. logs -Answer- A. policies B. networks C. objects